[cap-talk] Support of MLS policies (was Re: NLTSS)
Stiegler, Marc D
marc.d.stiegler at hp.com
Thu Jul 12 12:52:53 EDT 2007
> > What systems do the military
> > use currently (or any other community highly concerned by security)?
>
> As I understand matters, they were forced into single-level
> OS's supported by multilevel networks. At the moment, it's
> basically "one machine, one compartment", and the network
> infrastructure implements distributed compartments. Where
> this is not feasible, everything runs "system high".
>
> A notable exception is some recent work by Rockwell-Collins,
> which implements separation kernels in *hardware*.
Yes, they use Windows just like everyone else, disconnecting from the
network for compartmentalization. There is a system that uses VMware for
compartmenting on a single machine that has been authorized for use in
compartmented applications. Authorization for this kludge came about,
not because it received a security audit that proved it worked, but
because they were desperate. But to my knowledge that system has been
deployed in only a tiny number of places.
--marcs